package com.blb.java12springsecutiry.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * Demo endpoints that illustrate method-level authorization with Spring Security.
 *
 * <p>Every handler carries {@code @PreAuthorize("hasAuthority(...)")}. {@code hasAuthority}
 * compares the given name as-is with the caller's granted authorities; unlike {@code hasRole}
 * it does not add a {@code ROLE_} prefix, so the stored authority strings must match exactly.
 *
 * <p>NOTE(review): {@code @PreAuthorize} is only enforced when method security is switched on in
 * the application configuration (for example {@code @EnableGlobalMethodSecurity(prePostEnabled =
 * true)} or {@code @EnableMethodSecurity}). That configuration is not part of this file; confirm
 * it exists, otherwise these annotations are not enforced and the endpoints fall back to whatever
 * the URL-level rules allow.
 *
 * <p>NOTE(review): {@code @RequestMapping} without a {@code method} attribute matches every HTTP
 * method; narrow it to the verbs actually needed if these handlers ever do more than return a
 * greeting.
 */
@RestController
public class HelloController {

    // Authority names checked by the @PreAuthorize expressions below. They must match the
    // authority strings granted to the user at login character for character.
    private static final String SALES_MANAGEMENT = "销售管理";
    private static final String PURCHASING_MANAGEMENT = "采购管理";
    private static final String WAREHOUSE_MANAGEMENT = "仓库管理";

    // Disabled page-routing handlers, kept for reference.
    // NOTE(review): both return a view name built directly from URL path variables, so if they
    // are re-enabled the client chooses which template gets resolved; map the variables through
    // an allowlist of known page names first. They would also need @Controller instead of
    // @RestController, because @RestController writes the returned String as the response body
    // rather than resolving it as a view.
//    // Outer-level pages
//    @RequestMapping("/{page}.html")
//    public String page(@PathVariable String page , Model model){
//        if ("hello".equals(page)){
//            // Fetch the current user's identity and authorities from Spring Security
//            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
//            // User details
//            Object principal = authentication.getPrincipal();
//            if(principal instanceof User){
//                User user = (User) principal;
//                model.addAttribute("username",user.getUsername());
//                model.addAttribute("authorities",user.getAuthorities());
//            }else {
//                model.addAttribute("username",principal);
//            }
//
//        }
//        return page;
//    }
//    // Nested pages
//    @RequestMapping("/{path}/{page}.html")
//    public String page2(@PathVariable String path,@PathVariable String page){
//        return path + "/" + page;
//    }

    /**
     * Greets callers that hold the sales-management authority.
     *
     * @return the fixed greeting for this authority
     */
    @PreAuthorize("hasAuthority('" + SALES_MANAGEMENT + "')")
    @RequestMapping("/hello1")
    public String hello1() {
        return "Hello " + SALES_MANAGEMENT;
    }

    /**
     * Greets callers that hold the purchasing-management authority.
     *
     * @return the fixed greeting for this authority
     */
    @PreAuthorize("hasAuthority('" + PURCHASING_MANAGEMENT + "')")
    @RequestMapping("/hello2")
    public String hello2() {
        return "Hello " + PURCHASING_MANAGEMENT;
    }

    /**
     * Greets callers that hold the warehouse-management authority.
     *
     * @return the fixed greeting for this authority
     */
    @PreAuthorize("hasAuthority('" + WAREHOUSE_MANAGEMENT + "')")
    @RequestMapping("/hello3")
    public String hello3() {
        return "Hello " + WAREHOUSE_MANAGEMENT;
    }
}
